The Reasons Network Security Fails

– By: Dr. Gene Lloyd –

Have you noticed that there is a story in the news about a new hacking incident every week, and almost every day? These types of attacks have increased exponentially over the past several years, and they will likely continue to rise because of the constant connection many of us have to the Internet through all our devices, and all the capabilities they contain. But somewhere along the way, we need to ask ourselves why we are having so much trouble keeping these attacks at bay. We have firewalls, intrusion prevention systems, advanced antivirus heuristics, and so many other defensive capabilities, and yet the bad guys still seem to find a way in. Plenty of experts have opined about what went wrong in specific scenarios, but unfortunately, we haven’t really learned our lesson yet. Here’s the reality: the major reason cyber security initiatives fail so frequently is that we are continuing to do the same thing we have been doing for many years in this industry. We have not adapted our approach to make our networks more secure, or taken the appropriate measures that will easily keep the bad guy at bay. There are simple solutions that can solve these problems. Yes, you read that correctly. There are plenty of easy solutions that can be very effective in network defense. The silly thing is that most managers tend to be afraid of implementing the simple solutions because they are so drastically different from what we have always been taught to do.

What if I told you that you didn’t actually need that web proxy server to keep employees from accessing restricted sites? What if I told you that you didn’t actually need to disable HTML links in emails for fear of an employee downloading a virus? Some of the biggest threats on the Internet today are easily countered by very minor changes that don’t cost any money at all. In fact, these changes can ultimately save you money because you will be able to eliminate hardware, consolidate employee positions, and eliminate the need for hiring new employees to handle growing concerns. What organization does not want to trim its budget and reduce its bottom line? Historically, organizations have added more hardware appliances to the network that are supposed to provide extra layers of protection, and yet, hackers continue to find a way in. We have put firewalls in place, along with intrusion detection systems, demilitarized zones, proxy servers, VPNs, host-based intrusion prevention, etc. All of these devices and applications have become part of our standard security methodology. And we have allowed the security methodology to become so complicated that we constantly need to spend more money, on more equipment and more employees, to make an attempt at keeping our networks secure. And what happens? Those super-protected networks still get hacked. The hacking attacks in recent history against the Office of Personnel Management, Target, Home Depot, and the U.S. energy sector show this to be true.

Continuing to throw resources at a problem without the assurance that those expenditures will provide you with virtually 100% protection is nothing more than a waste of money. Fewer devices to manage translates into fewer employees needed to keep those devices updated and operating efficiently. If we take the proxy server off of the network, we don’t need anyone to manage it. If we uninstall the host-based intrusion prevention software from all the workstations, we won’t need an employee to manage that process either. And those employees could then focus their talents on the real threats instead of just throwing new solutions at a problem that is seemingly growing out of control. And the same is true for many of the other methodologies we have in place. Yes, those sound like drastic measures. And if the current security methodology is all you have ever been taught, it will feel like a major shift from traditional thinking. Sometimes, flipping the model upside down is the best step forward. And, in this case, it means that we need to simplify our approach. The great news is that there is a much simpler way to provide an even greater degree of protection without having to buy more appliances, hire more employees, and complicate security even further. Streamlining makes the process simpler. Listen, we have already thought through the variables and are here to help you have a more streamlined and secure cyber security posture. Contact us today for a free consultation.
